Researcher’s footnote 7–19–2024: CrowdStrike causing cloud strife to your organization? Do these steps!

Masq31 - Benjamin Giordano
Jul 19, 2024


Good morning folks,

I thought I’d take the time to put out a brief step-by-step post on how to mitigate an issue present in the infosec world.

Briefly describing the issue: An update was pushed out to organizations that use CrowdStrike products. This update contained a corrupt system file. This file is causing computers worldwide to experience blue screens of death upon rebooting. Sectors impacted include hospitals, banking institutions, transportation and emergency services [1].

Microsoft’s mitigation steps include restarting your computer up to 15 times [2]. This may not be an ideal fix for many users, as it requires local system access as well as random luck to work. This blog post details steps that both tech-savvy and non-technical users can take to quickly fix their organization’s systems and get back up and running. The steps are listed below:

1. On a system experiencing the issue, start by powering down the system.

2. Press the power button.

3. As the computer boots up, press F12 to enter the boot menu. NOTE: this menu may automatically appear if the computer has been rebooted twice or more.

4. From recovery options, select “see advanced repair options”.

5a. Select troubleshoot

5b. From advanced options, select “see more recovery options”

5c. Choose command prompt

6. You should now see a black command prompt window with a flashing cursor after “X:\”.

7. Enter the commands below, pressing Enter after each complete command. Please make sure the characters are typed exactly so as not to remove a necessary system file. NOTE: this assumes the filesystem is on the C drive. Replace “C:” with your computer’s main OS drive if this differs.

C:

cd C:\Windows\System32\drivers\CrowdStrike

del C-00000291*.sys

8. You can confirm the file is removed by typing “dir” and pressing enter.

9. The file causing the issue is now removed. Reboot the system. The system should now power on.
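Steps 7 and 8 as a batch script for the recovery command prompt, for cases where the OS drive letter differs as the NOTE in step 7 warns. This is an added example, not part of the original post or any vendor tooling; the file name `remove-291.cmd` and the drive-letter range C: through H: are assumptions.

```batch
@echo off
rem remove-291.cmd (hypothetical name): added example, not from the original post.
rem Run from the recovery command prompt reached in steps 1-6.
rem Assumption: the Windows volume is visible under one of the letters C: to H:.
setlocal
set "PATTERN=C-00000291*.sys"
set "FOUND="

rem The recovery environment may assign the OS volume a letter other than C:,
rem so check each candidate for the CrowdStrike driver folder.
for %%D in (C D E F G H) do (
    if exist "%%D:\Windows\System32\drivers\CrowdStrike\" (
        call :clean "%%D:\Windows\System32\drivers\CrowdStrike"
    )
)

if not defined FOUND echo No CrowdStrike driver folder found on C: through H:.
endlocal
exit /b 0

:clean
set "FOUND=1"
echo Checking %~1
if not exist "%~1\%PATTERN%" (
    echo   No %PATTERN% present, nothing to delete.
    exit /b 0
)
rem List exactly what matches before deleting, so the removal is visible on screen.
dir /b "%~1\%PATTERN%"
del /f /q "%~1\%PATTERN%"
rem Equivalent of step 8: confirm that nothing matching the pattern remains.
if exist "%~1\%PATTERN%" (
    echo   FAILED: a matching file is still present.
    exit /b 1
)
echo   Removed. Reboot the system.
exit /b 0
```

The script deletes only files matching the pattern from step 7 and leaves every other file in the CrowdStrike folder untouched.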

If you have any questions or comments on this fix, please feel free to reach out or comment below. Thanks for reading. Good luck and Stay Safe.

Citations:
[1] https://www.securityweek.com/major-outages-worldwide-linked-to-bsod-caused-by-bad-crowdstrike-update/

[2] https://azure.status.microsoft/en-gb/status
